<?php

/* UnRegister Globals
 * If Register Globals are ON, unset injected variables.
 */
if(isset($_REQUEST)) 
{
	foreach ($_REQUEST as $key => $value) {
		if (isset($GLOBALS[$key]))
			unset($GLOBALS[$key]);
	}
	unset($key);
}

/* Cross Site Scripting, Remote File Inclusion, etc.
 * Check for strange characters in $_GET keys.
 * All keys with or "/" or ".." or ":" or "<" or ">" or "=" or ";" or ")" are blocked, so that it's virtually impossible to inject any HTML-code, or external websites.
 */
foreach ($_GET as $get_key => $get_value) {
	if(is_array($get_value)) continue;
	
	$c='';
	if (   
		(preg_match('|[\\\]+|', $get_value) && $c='\\')
		|| strpos($get_value, $c='..') !== false 
			//|| strpos($get_value, ':') !== false  // disable to open posibility for update date & time with ':'
		|| strpos($get_value, $c='<') !== false 
		|| strpos($get_value, $c='>') !== false 
		//|| strpos($get_value, $c='=') !== false //disable for widgets settings
		//|| strpos($get_value, $c=';') !== false //disable for widgets settings
		//|| strpos($get_value, ')') !== false / disable to open posibility for rename filename with '()'
		)
		die ("A hacking attempt has been detected ($get_key contain $c in value $get_value). For security reasons, we\'re blocking any code execution. ");
}
unset($get_key);


/*
 * Check if we have a saved security token. If not, generate one and save it.
 */
 /*
if (!file_exists(SETTINGS_DIR.'/token.php')) 
{
	$token = hash('sha512', uniqid(mt_rand(), true));
	$data = fopen(SETTINGS_DIR.'/token.php', 'w');
	fputs($data, '<?php $token = \''.$token.'\'; ?>');
	fclose($data);
	chmod(SETTINGS_DIR.'/token.php', 0777);
	unset($token);
}
*/
?>